summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2023-03-07 10:52:01 +0100
committerLennart Poettering <lennart@poettering.net>2023-03-09 21:56:42 +0100
commitde1461ac5e85049cfa14bee04363ae4547d1fdb1 (patch)
tree2a33f2b93ca1655e66ac75ba6f78cd7c4670da32
parentdissect-image: set MS_NOSYMFOLLOW for ESP/XBOOTLDR (diff)
downloadsystemd-de1461ac5e85049cfa14bee04363ae4547d1fdb1.tar.xz
systemd-de1461ac5e85049cfa14bee04363ae4547d1fdb1.zip
gpt-auto-generator: port to partition_pick_mount_options() too
This way we'll have the same mount options in place if we boot via the gpt generator, or if we mount a DDI locally. Note that this will also enable MS_NOSYMFOLLOW on ESP and XBOOTLDR now, if booted via gpt-auto-generator.
-rw-r--r--src/gpt-auto-generator/gpt-auto-generator.c83
1 files changed, 59 insertions, 24 deletions
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index a197ea9da6..2a5222e6b9 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -245,9 +245,7 @@ static int add_mount(
fprintf(f, "Type=%s\n", fstype);
if (options)
- fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro");
- else
- fprintf(f, "Options=%s\n", rw ? "rw" : "ro");
+ fprintf(f, "Options=%s\n", options);
r = fflush_and_check(f);
if (r < 0)
@@ -301,18 +299,31 @@ static int path_is_busy(const char *where) {
}
static int add_partition_mount(
+ PartitionDesignator d,
DissectedPartition *p,
const char *id,
const char *where,
const char *description) {
+ _cleanup_free_ char *options = NULL;
int r;
+
assert(p);
r = path_is_busy(where);
if (r != 0)
return r < 0 ? r : 0;
+ r = partition_pick_mount_options(
+ d,
+ dissected_partition_fstype(p),
+ p->rw,
+ /* discard= */ true,
+ &options,
+ /* ret_ms_flags= */ NULL);
+ if (r < 0)
+ return r;
+
return add_mount(
id,
p->node,
@@ -321,7 +332,7 @@ static int add_partition_mount(
p->rw,
p->growfs,
/* measure= */ STR_IN_SET(id, "root", "var"), /* by default measure rootfs and /var, since they contain the "identity" of the system */
- NULL,
+ options,
description,
SPECIAL_LOCAL_FS_TARGET);
}
@@ -452,20 +463,8 @@ static int add_automount(
return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit);
}
-static const char *esp_or_xbootldr_options(const DissectedPartition *p) {
- assert(p);
-
- /* Discovered ESP and XBOOTLDR partition are always hardened with "noexec,nosuid,nodev".
- * If we probed vfat or have no idea about the file system then assume these file systems are vfat
- * and thus understand "umask=0077". */
-
- if (!p->fstype || streq(p->fstype, "vfat"))
- return "umask=0077,noexec,nosuid,nodev";
-
- return "noexec,nosuid,nodev";
-}
-
static int add_partition_xbootldr(DissectedPartition *p) {
+ _cleanup_free_ char *options = NULL;
int r;
assert(p);
@@ -489,13 +488,23 @@ static int add_partition_xbootldr(DissectedPartition *p) {
if (r > 0)
return 0;
+ r = partition_pick_mount_options(
+ PARTITION_XBOOTLDR,
+ dissected_partition_fstype(p),
+ /* rw= */ true,
+ /* discard= */ false,
+ &options,
+ /* ret_ms_flags= */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to determine default mount options for Boot Loader Partition: %m");
+
return add_automount("boot",
p->node,
"/boot",
p->fstype,
/* rw= */ true,
/* growfs= */ false,
- esp_or_xbootldr_options(p),
+ options,
"Boot Loader Partition",
120 * USEC_PER_SEC);
}
@@ -503,6 +512,7 @@ static int add_partition_xbootldr(DissectedPartition *p) {
#if ENABLE_EFI
static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
const char *esp_path = NULL, *id = NULL;
+ _cleanup_free_ char *options = NULL;
int r;
assert(p);
@@ -569,13 +579,23 @@ static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
} else
log_debug("Not an EFI boot, skipping ESP check.");
+ r = partition_pick_mount_options(
+ PARTITION_ESP,
+ dissected_partition_fstype(p),
+ /* rw= */ true,
+ /* discard= */ false,
+ &options,
+ /* ret_ms_flags= */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to determine default mount options for EFI System Partition: %m");
+
return add_automount(id,
p->node,
esp_path,
p->fstype,
/* rw= */ true,
/* growfs= */ false,
- esp_or_xbootldr_options(p),
+ options,
"EFI System Partition Automount",
120 * USEC_PER_SEC);
}
@@ -637,6 +657,7 @@ static int add_root_cryptsetup(void) {
static int add_root_mount(void) {
#if ENABLE_EFI
+ _cleanup_free_ char *options = NULL;
int r;
if (!is_efi_boot()) {
@@ -668,6 +689,20 @@ static int add_root_mount(void) {
/* Note that we do not need to enable systemd-remount-fs.service here. If
* /etc/fstab exists, systemd-fstab-generator will pull it in for us. */
+ r = partition_pick_mount_options(
+ PARTITION_ROOT,
+ arg_root_fstype,
+ arg_root_rw > 0,
+ /* discard= */ true,
+ &options,
+ /* ret_ms_flags= */ NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to pick root mount options: %m");
+
+ if (arg_root_options)
+ if (!strextend_with_separator(&options, ",", arg_root_options))
+ return log_oom();
+
return add_mount(
"root",
"/dev/gpt-auto-root",
@@ -676,7 +711,7 @@ static int add_root_mount(void) {
/* rw= */ arg_root_rw > 0,
/* growfs= */ false,
/* measure= */ true,
- arg_root_options,
+ options,
"Root Partition",
in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
#else
@@ -745,25 +780,25 @@ static int enumerate_partitions(dev_t devnum) {
}
if (m->partitions[PARTITION_HOME].found) {
- k = add_partition_mount(m->partitions + PARTITION_HOME, "home", "/home", "Home Partition");
+ k = add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME, "home", "/home", "Home Partition");
if (k < 0)
r = k;
}
if (m->partitions[PARTITION_SRV].found) {
- k = add_partition_mount(m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition");
+ k = add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition");
if (k < 0)
r = k;
}
if (m->partitions[PARTITION_VAR].found) {
- k = add_partition_mount(m->partitions + PARTITION_VAR, "var", "/var", "Variable Data Partition");
+ k = add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR, "var", "/var", "Variable Data Partition");
if (k < 0)
r = k;
}
if (m->partitions[PARTITION_TMP].found) {
- k = add_partition_mount(m->partitions + PARTITION_TMP, "var-tmp", "/var/tmp", "Temporary Data Partition");
+ k = add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP, "var-tmp", "/var/tmp", "Temporary Data Partition");
if (k < 0)
r = k;
}